582ad51b14aec27c377e94075c8f7acb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

582ad51b14aec27c377e94075c8f7acb_JaffaCakes118
Size

406KB
MD5

582ad51b14aec27c377e94075c8f7acb
SHA1

821f9c75558339044a1491db3165d5445b0a3f06
SHA256

2de6bde148b9a42a65f5dae36c903811e56d702d7d319900877f2d5d74273236
SHA512

a25fa0130b6a78deeaa3941a513a3da8aaa60d2439f1224274d8d7f290bf7cd4463c63678e8270ad8e89c70a7927302d9da427df51dcf5fb970d195c947c2fad
SSDEEP

6144:MU/OLpMfqR6vtVIgyPFiChgkX7WOMeLpebnZgUe4A29pNwz:MU/OLCftLqPACIeoFa4A29Dwz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
582ad51b14aec27c377e94075c8f7acb_JaffaCakes118

Files

582ad51b14aec27c377e94075c8f7acb_JaffaCakes118
.dll windows:6 windows x86 arch:x86

c6999771217f1216d96e792ac4717a66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\9\Similar\7\82\Listen\22\17\2\Sleep\92\toward\39\89\live.pdb

Imports

kernel32

VirtualProtectEx
Sleep
TlsAlloc
TlsSetValue
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentVariableA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
RemoveDirectoryA
CloseHandle
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
EncodePointer
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
HeapAlloc
HeapValidate
GetSystemInfo
ExitProcess
WriteFile
OutputDebugStringW
LCMapStringW
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetProcessHeap
CreateFileW

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamMessage
acmStreamReset
acmStreamSize
acmStreamClose
acmStreamOpen
acmFilterChooseA
acmFilterEnumA
acmFilterDetailsA
acmFilterTagEnumA
acmFilterTagDetailsA
acmFormatChooseA
acmFormatSuggest
acmFormatEnumA
acmFormatDetailsA
acmFormatTagEnumA
acmFormatTagDetailsA
acmDriverPriority
acmDriverOpen
acmDriverRemove
acmMetrics
acmGetVersion

Exports

Exports

Joinmy
Soldiertriangle
Yellowsaid

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6999771217f1216d96e792ac4717a66

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msacm32

Exports

Exports

Sections

.text Size: 381KB - Virtual size: 381KB

.data Size: 5KB - Virtual size: 349KB

.idata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 284B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 381KB - Virtual size: 381KB

.data
Size: 5KB - Virtual size: 349KB

.idata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 284B

.reloc
Size: 14KB - Virtual size: 14KB